Guide: OpSec for The Masses

Okay, let's go over some key things:

  • Google knows you. It's better if Google knows you a little bit than if 100 different companies know you a lot.
  • It might seem contradictory, but try to avoid Google products. I am putting a lot of emphasis on the "little bit" from the previous line.
  • Using a VPN is not the ultimate solution. In many cases, it even makes things worse.
  • Don't reuse passwords, especially crappy ones.
  • Password managers are your friends. DO NOT STORE PASSWORDS IN CHROME.
  • Don't use Google Chrome. There are plenty of great alternatives. Brave is one of them. Also, most browsers are Chromium-based, so they are not that much faster or slower than one another.

Email

People need to understand that email is not a bulletproof means of communication for plenty of reasons, but first, let's go over the agents that we are facing:

  • The Dark Forces: hackers and companies looking to mine and/or collect your data. Both want to use you/your data and online persona for profit.
  • Governments: They believe that they need to surveil you to protect the security of the nation or, if you are under investigation, to breach your privacy. I am not here to discuss the deontological and ethical principles that empower laws. After all, we live in a society with rules. However, I have concerns about overreaching rules.

ProtonMail is sold to people as a security option, but is it 100% secure? Kind of... Some data has been provided to authorities, but in their defense, it was inevitable due to how email technology works. But other than that, they do a great job protecting against The Dark Forces. Also, the fact that they are based in Switzerland helps in dealing with the Government side of things.

What about Gmail? If you have a Gmail account, you can be sure that the only Dark Force is Google, and that could be worse. They will also comply with any subpoena. But in this day and age, can we live without the G-suite products? Probably yes, but it's very inconvenient, especially if you are unwilling to pay for replacement services, and that's where they get you.

My suggestion is that you filter what is mission-critical for your life and act accordingly. Use Gmail for convenience and ProtonMail for security. If you are willing to buy a mailbox, there are quite good alternatives. But again, we are talking about the masses here.

Also, the reaction that Google has when an unknown device logs in is great. They make it their mission to ensure that the only Dark Force in your account is Google. It's something like this when you log in on your cousin's laptop to show your latest trip to Benidorm (the Fort Lauderdale of Spain):